Discussion (15)

I’ll write my comments in the same format for clarity.
For right now, if you can, try putting up some sort of message saying “we had some issues so please excuse half our site being down” just so you don’t get a flood of “did you know your site is broken?” e-mails [or have upset and confused visitors, which is not very professional].

1) The javascript was not working [for me]. There are a million variations of the code online so it’s very easy to reproduce.

2) You can easily only have one “hot” thing on the front page. The News section could be a separate blog page if you still want to have that information.

3) Right now only the home page appears to be up [for me]. You need to think about how you want to organize your content.

4) EASY to do. Are each of these pages “properties?” And how much content would be on each page? Do any of them have their own “sub-sites?”

5) Having as few scripts as possible is the best way to prevent hacking that I know of, other than having a secure server with proper permissions. Do you know what the permissions are for all of your pages?
(Everyone else helping: what are other security measures?)

6) Do you want the store to follow the same layout as the other pages? Because it currently is not.

7) Lightbox is a great script, especially because you can customize the look of the pop-up to be less intrusive (i.e. not bright white).

Oh, I’d also recommend a more useful error (404) page than the plain text that currently exists. Add a link back to the homepage, etc.

And make sure that the e-mail addresses are correct. The error page has “webmaster@…” and the homepage’s “contact” link is you.

Because the site’s layout is in tables, it will probably be awkward to edit and will definitely not be easy to change the design in the future. I could go on about tables and other web standards but I won’t now unless you ask. The other big part of security is validation, but since your website is static except for certain images, you shouldn’t have to worry. (Please correct me if I’m wrong on this, I don’t want to give out any invisible security blankets.)

Good luck if you decide to work on it on your own, otherwise shoot me (or one of the other volunteers) an e-mail.

The javascript doesn’t seem to be working, but as TM said, javascript image change things are a dime a dozen.

How do you edit your sites? Dreamweaver? Some sort of “Visual” editor? What’s your level of web-creation expertise?

So far as making an un-hackable site, do you know how it was hacked before? Did they get in through a page somehow, or did they get in through the back-end somewhere? Knowing that is probably the easiest way to figure out how to stop it again.

I’d just make a “template” of how you want your pages to look, and then change the text in the box (or wherever) based on the page. In Dreamweaver you can actually save items as “template files” which have modifiable fields and so on. Personally I just save an empty file and change whatever I need.

I agree (again) with TM: Table-based layouts make me cry (and are not standards-compliant besides). If it’s been a while since you updated that site, you might want to consider using this disaster as an excuse to update the look anyway: Kill two birds with one stone.

Security-wise, stop people from being able to view directory indexes by setting adequate permissions, also keep up on current exploits for whatever scripting you have enabled by reading around, and take whatever steps are required. If you have any forms that are going into databases, make sure you “sanitize” your input before you actually store it. This will stop people from hijacking your SQL statements and putting their own malicious code in there instead.

Good luck, and (parroting TM yet again), feel free to shoot me an e-mail if you need any help. 🙂
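The permission and directory-index checks raised in the comments above, as an added example that is not part of the thread: a small audit of a static site's document root that reports world-writable paths and directories with no index file. The index file names, the sample layout and its modes are assumptions constructed for the demonstration.

```python
import os
import stat
import tempfile

INDEX_NAMES = ("index.html", "index.htm")  # assumption: the server's index file names


def audit_webroot(root):
    """Return sorted (issue, path relative to root) pairs for a static site."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # With no index file, a server that has auto-indexing on lists the directory.
        if not any(name in filenames for name in INDEX_NAMES):
            findings.append(("no-index", os.path.relpath(dirpath, root)))
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not meaningful
            if mode & stat.S_IWOTH:  # any local account could modify it
                findings.append(("world-writable", os.path.relpath(path, root)))
    return sorted(findings)


def build_sample_site():
    """Create a constructed sample document root in a temp directory."""
    root = tempfile.mkdtemp(prefix="webroot-")
    layout = {  # relative path -> mode; all names and modes are made up
        "index.html": 0o644,
        "images/logo.png": 0o644,
        "store/index.html": 0o666,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("sample\n")
        os.chmod(path, mode)
    os.makedirs(os.path.join(root, "uploads"))
    for name, mode in (("images", 0o755), ("store", 0o755), ("uploads", 0o777)):
        os.chmod(os.path.join(root, name), mode)
    return root


if __name__ == "__main__":
    for issue, path in audit_webroot(build_sample_site()):
        print(f"{issue:15} {path}")
```

A "no-index" finding only matters if the web server has automatic directory listings turned on; switching that off in the server configuration closes it for every directory at once.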

For adding new pages, the easiest way is probably to just make a copy of the template each time you want to make a new page and then edit it. There are plenty of free “what you see is what you get” editors which make very ugly code, but which do actually work. http://www.dynamic-html-editor.com/en/home.asp (I have no idea how good this one is)

Just google “WYSIWYG web editor” or “WYSIWYG html editor”. You’ll never have to mess with code, unless you decide you want to (it’s much better if you do, but you have much more important things to do. Like comic!). Alternately you can try to find some fan to manage all that for you. I’m sure you’d get plenty of takers for it :p

So far as safety goes, it’s going to be really hard to know for sure whether or not you’ve fixed something without knowing what it was that had the leak in the first place. If you can’t figure it out, just don’t put any “dynamic” content at all, and you should be pretty safe.

sorry the site got hacked – who would do that to someone as nice as you?

awesome about cheaper international shipping. i looked at the shipping and it was $50 to israel – making a purchase totally unfeasible. i’ve thought about shipping it to a stateside relative and i may still do that but not everyone has that option and outlandish shipping fees definitely do prevent non-u.s. residents from purchasing all the time.